#4550 [RFE] Add switch to request client machine cert
Closed: Fixed None Opened 9 years ago by rcritten.

This is an extension of #4449.

We got a request in https://www.redhat.com/archives/freeipa-users/2014-September/msg00323.html to optionally restore requesting a client cert.

The RFE is to add an option, --machine-cert (or something), which will have certmonger request a certificate and store it in a new database in /etc/ipa/nssdb.

This will require some rpm changes so ipa-client owns the database. I think the db should be ghosted initially and ipa-client-install will generate a new, password-less database on demand. Rights will be root:root mode 644.

Honza already had a patch in the works for this.

This requires the /etc/ipa/nssdb/ (#3259) that is included in FreeIPA 4.1.

Moving the RFE to 4.1.

master:

  • 4333a62 Fix certmonger.request_cert
  • ca7e0c2 Add ipa-client-install switch --request-cert to request cert for the host

ipa-4-1:

  • 68a36a2 Fix certmonger.request_cert
  • b5f9d40 Add ipa-client-install switch --request-cert to request cert for the host

Metadata Update from @rcritten:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.1

7 years ago
